How to configure Managed Domain for iOS devices
Apple’s Managed Domain is a security feature that helps in protecting the corporate data by controlling which apps can open documents downloaded from the enterprise domains using Safari. You could also specify the domains for which the password autofill is to be enabled in Safari.
Hexnode also allows you to list certain email domains as managed, ensuring security for the emails sent outside the listed domain. If an email is sent to a domain not listed here, then it will be highlighted as out-of-domain in the Mail app.
Configure Managed Domain Settings
- Login to your Hexnode portal.
- Navigate to Policies.
- Select an existing policy or create a new one by clicking on New Policy.
- Go to iOS > Security > Managed Domain and click on Configure.
You have the following options to be configured.
- Unmarked Email Domains – The required email addresses can be listed here. Any email address that does not contain a suffix that matches with any of the listed domains will be regarded as out of domain. It will be highlighted in the Mail app.
- Managed Web Domains – The required Safari web domains can be listed here. Any documents downloaded from these web domains are considered as managed.
- Managed Web Domains for Password Autofills on Safari – The required Safari web domains for which password autofills are to be enabled can be listed here. Hence, users can save passwords only for the URL’s listed here. This feature is supported only on iOS version 9.3 and later.
Once these options are configured, you can associate these policies with devices.
Associate Policies with Devices / Groups.
If the policy has not yet been saved.
- Navigate to Policy Targets.
- Click on +Add Devices.
- Select the devices and click OK.
- Click on Save to apply the policies to devices.
Apart from devices, you can also associate the policies with device groups, user and user groups from ‘Policy Targets’.
If the policy has been saved, you can associate it by another method.
- From ‘Policies’, check the policies to be associated.
- Click on Manage → Associate Targets and select the device.
- Click on Associate to apply policy to the devices.
Here, once the policies have been applied, the managed domain will be configured on your device.
What happens at the device end?
Once the domains are configured in your portal, this is what happens at the device end.
- Unmarked Email Domain: Out-of-domain mail will be highlighted in the mail app as shown below.
- Managed Safari Domain: Any files downloaded from the web domains listed will be considered as managed. If the restriction “Open documents from managed apps in unmanaged apps” is checked within Policies > iOS > Security > Business Container, then these files can be opened in both managed as well as unmanaged apps. If unchecked, the files can only be accessed from managed apps.
- Safari Password Autofills Domain:
Users can save password only for the URL’s listed here.